i then have a code that runs on each page load that checks ID_User and a few other sessions against the database and if they don't match up it runs session_destroy(); i was just wondering if this is secure or should i be doing something else to limit user only content?